
45 matches found

Positive Technologies
added 2026/06/16 12:0 a.m. | 15 views

PT-2026-49759

Name of the Vulnerable Software and Affected Versions: OpenClaw versions prior to 2026.5.2. Description: An environment variable injection exists where workspace .env files can influence the Python runtime selection during Gmail setup gcloud execution. Attackers with repository access can manipulate...

CVSS 7.1 | AI score 5.8 | EPSS 0.00133
Exploits: 0 | References: 5

Positive Technologies
added 2026/06/11 12:0 a.m. | 13 views

PT-2026-48681

Summary: PDM automatically loads project-local plugin paths from .pdm-plugins during Core initialization. Because this path is added via site.addsitedir, attacker-controlled .pth files inside the project plugin directory are processed and can execute Python code before normal CLI handling begins...

CVSS 8.4 | AI score 6.3 | EPSS 0.00028
Exploits: 0 | References: 4

RedhatCVE
added 2026/06/02 10:2 p.m. | 9 views

CVE-2026-49136

Banana Slides through 0.4.0, patched in commit e8bc490, contains a path traversal vulnerability in the generateimage function within the AI service backend that allows unauthenticated attackers to read arbitrary image-format files outside the intended uploads directory by exploiting an incomplete...

CVSS 8.7 | AI score 5.9 | EPSS 0.00417
Exploits: 0 | References: 1

Positive Technologies
added 2026/04/01 12:0 a.m. | 2 views

PT-2026-29526

Name of the Vulnerable Software and Affected Versions: pymanager, affected versions not specified. Description: pymanager included the current working directory in its sys.path, allowing modules in the current working directory to shadow intended packages. If a user runs a pymanager-generated command...

CVSS 5.6 | AI score 5.9 | EPSS 0.00173
Exploits: 1 | References: 7

OSV
added 2026/03/17 6:44 a.m. | 3 views

MAL-2026-1496 Malicious code in robloxapi-testy (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 f0221b6839d8882a9275e177ae71c7bed9cc15a96800e4cead5766c67f0dd042 Installation embeds a malicious PTH file that then during import downloads and executes remote code. During analysis, the remote code was a test starting...

AI score 6.1
Exploits: 0 | References: 1

CNNVD
added 2026/02/27 12:0 a.m. | 6 views

Gradio Security Vulnerability

Gradio is an open-source Python library developed by Google. It provides a user-friendly web interface for demonstrating machine learning models. Prior to version 6.7, Gradio had a security vulnerability. This vulnerability stemmed from changes in the definition of os.path.isabs in Python 3.13+,...

CVSS 7.5 | AI score 7.4 | EPSS 0.03095
Exploits: 1 | References: 1

ATTACKERKB
added 2026/02/20 12:49 a.m. | 6 views

CVE-2026-26975

Music Assistant is an open-source media library manager that integrates streaming services with connected speakers. Versions 2.6.3 and below allow unauthenticated network-adjacent attackers to execute arbitrary code on affected installations. The music/playlists/update API allows users to bypass...

CVSS 8.8 | AI score 6.5 | EPSS 0.01447
Exploits: 1 | References: 4 | Affected Software: 1

Positive Technologies
added 2026/02/19 12:0 a.m. | 5 views

PT-2026-20924

Splunk Enterprise Windows flaws CVSS 7.7 CVE-2026-20143 & CVE-2026-20140 allow system takeover via DLL and Python search path hijacking. Patch immediately. Splunk CyberSecurity InfoSec WindowsSecurity DLLHijacking LPE PatchNow https://t.co/wudRkJ9tIM...

AI score 5.4
Exploits: 0 | References: 1

Positive Technologies
added 2026/02/19 12:0 a.m. | 2 views

PT-2026-20923

Name of the Vulnerable Software and Affected Versions: Splunk Enterprise for Windows versions prior to 10.2.0; Splunk Enterprise for Windows versions prior to 10.0.3; Splunk Enterprise for Windows versions prior to 9.4.8; Splunk Enterprise for Windows versions prior to 9.3.9; Splunk Enterprise for...

AI score 5.8
Exploits: 0 | References: 4

OSV
added 2025/12/05 11:13 a.m. | 16 views

BIT-PYTHON-2025-6075 Quadratic complexity in os.path.expandvars() with user-controlled template

If the value passed to os.path.expandvars is user-controlled a performance degradation is possible when expanding environment variables...

CVSS 5.5 | AI score 6.9 | EPSS 0.00124
Exploits: 0 | References: 10

Oracle linux
added 2025/12/01 12:0 a.m. | 7 views

gimp:2.8 security update

gimp 2:2.8.22-26.3 - fix CVE-2025-10920 - fix CVE-2025-10921 - fix CVE-2025-10922 - fix CVE-2025-10923 - fix CVE-2025-10924 - fix CVE-2025-10925 - fix CVE-2025-10934 2:2.8.22-26.2 - fix CVE-2025-5473 RHEL-95696 2:2.8.22-26.1 - fix CVE-2025-48797 RHEL-93503 - fix CVE-2025-48798 RHEL-93506...

CVSS 7.8 | AI score 7 | EPSS 0.61427
Exploits: 0

GithubExploit
added 2025/10/31 3:22 a.m. | 262 views

Exploit for Uncontrolled Search Path Element in Needrestart_Project Needrestart

CVE-2024-48990-PoC What is needrestart and how does it wor...

CVSS 7.8 | AI score 7.2 | EPSS 0.19924
Exploits: 15

GithubExploit
added 2025/10/28 7:7 p.m. | 402 views

Exploit for Uncontrolled Search Path Element in Needrestart_Project Needrestart

CVE-2024-48990 PYTHONPATH Hijack - Privilege Escalation Exploi...

CVSS 7.8 | AI score 7.2 | EPSS 0.19924
Exploits: 15

Tenable Nessus
added 2025/08/19 12:0 a.m. | 5 views

Linux Distros Unpatched Vulnerability : CVE-2023-41105

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Python 3.11 through 3.11.4. If a path containing '\0' bytes is passed to os.path.normpath, the path will be truncated unexpectedly at...

CVSS 7.5 | AI score 7.3 | EPSS 0.02187
Exploits: 0 | References: 2

OSV
added 2025/08/11 1:51 p.m. | 3 views

BIT-LIBPYTHON-2020-15801

In Python 3.8.4, sys.path restrictions specified in a python38.pth file are ignored, allowing code to be loaded from arbitrary locations. The .pth file e.g., the python.pth file is not affected...

CVSS 9.8 | AI score 7.3 | EPSS 0.03104
Exploits: 0 | References: 4

BDU FSTEC
added 2025/04/09 12:0 a.m. | 2 views

The vulnerability of the `py.path.svnwc` component, a development and testing utility for Python programs, allows a hacker to trigger a service failure.

The vulnerability of the py.path.svnwc component, a utility for Python program development and testing, is related to insufficient handling of regular expressions. Exploiting this vulnerability could allow an attacker to cause service failures...

CVSS 7.5 | AI score 6.8 | EPSS 0.04607
Exploits: 0 | References: 10 | Affected Software: 3

OSV
added 2025/02/03 9:17 a.m. | 3 views

SUSE-SU-2025:20103-1 Security update for avahi

This update for avahi fixes the following issues: - CVE-2024-52616: Properly randomize query id of DNS packets bsc1233420. Bug fixes: - No longer supply bogus services to callbacks bsc1226586. - Tag hardening patches as PATCH-FEATURE-OPENSUSE - Remove dependency on /usr/bin/python3 using...

CVSS 5.3 | AI score 7.1 | EPSS 0.00681
Exploits: 0 | References: 5

AstraLinux
added 2024/11/23 3:4 a.m. | 3 views

Astra Linux – Vulnerability in needrestart

Qualys discovered that needrestart, prior to version 3.8, allowed local attackers to execute arbitrary code as root by tricking needrestart into running the Python interpreter with a PYTHONPATH environment variable controlled by the attacker...

CVSS 7.8 | AI score 7.8 | EPSS 0.19924
Exploits: 15 | References: 3

SUSE CVE
added 2024/11/22 3:51 a.m. | 4 views

SUSE CVE-2024-48990

Qualys discovered that needrestart, before version 3.8, allows local attackers to execute arbitrary code as root by tricking needrestart into running the Python interpreter with an attacker-controlled PYTHONPATH environment variable...

CVSS 7.8 | AI score 7.7 | EPSS 0.19924
Exploits: 15 | References: 3

OSV
added 2024/11/19 6:15 p.m. | 3 views

DEBIAN-CVE-2024-48990

Qualys discovered that needrestart, before version 3.8, allows local attackers to execute arbitrary code as root by tricking needrestart into running the Python interpreter with an attacker-controlled PYTHONPATH environment variable...

CVSS 7.8 | AI score 8.8 | EPSS 0.19924
Exploits: 15 | References: 1